WebApp Sec mailing list archives

Re: Unable to impersonate another user although having its cookie


From: José Manuel Molina Pascual <raistlinmolina () gmail com>
Date: Mon, 6 Jul 2009 20:22:43 +0200

It's very easy to get the IP of the client and invalidate the session
if the session (obtained from the cookie) and the IP do not match what
the app has stored from previous requests.

Maybe that is your case.

BR

--
You never see animals going through the absurd and often horrible
fooleries of magic and religion... Dogs do not ritually urinate in the
hope of persuading heaven to do the same and send down rain. Asses do
not bray a liturgy to cloudless skies. Nor do cats attempt, by
abstinence from cat's meat, to wheedle the feline spirits into
benevolence. Only man behaves with such gratuitous folly. It is the
price he has to pay for being intelligent but not, as yet, quite
intelligent enough.
(Aldous Huxley)

It has become almost a cliche to remark that nobody boasts of
ignorance of literature, but it is socially acceptable to boast
ignorance of science and proudly claim incompetence in mathematics.
(Richard Dawkins)

Most people would sooner die than think; in fact, they do so.
(Bertrand Russell).

Either you repeat the same conventional doctrines everybody is saying,
or else you say something true, and it will sound like it's from
Neptune.
(Noam Chomsky)
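
The server-side check described in the reply above, sketched as an added example (not part of the original post, and not code from any application discussed in the thread). The class and method names are hypothetical, the store is a plain in-memory dictionary, and the addresses are constructed documentation-range values.

```python
import ipaddress
import secrets


def normalize_ip(raw):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), so a
    dual-stack listener does not see one client as two different addresses."""
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


class IPBoundSessionStore:
    """Hypothetical session store that ties each session ID to a client IP."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str, "ip": address object}

    def create(self, user, client_ip):
        # client_ip is assumed to be the TCP peer address seen by the server,
        # not a client-supplied header such as X-Forwarded-For.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user": user, "ip": normalize_ip(client_ip)}
        return session_id

    def validate(self, session_id, client_ip):
        """Return the user name for a matching request, otherwise None.

        A known cookie presented from a different IP invalidates the session,
        so the cookie stops working for every holder, including the original."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        if record["ip"] != normalize_ip(client_ip):
            del self._sessions[session_id]
            return None
        return record["user"]


if __name__ == "__main__":
    store = IPBoundSessionStore()
    sid = store.create("alice", "192.0.2.10")
    print(store.validate(sid, "::ffff:192.0.2.10"))  # same client, mapped form
    print(store.validate(sid, "198.51.100.7"))       # cookie replayed elsewhere
    print(store.validate(sid, "192.0.2.10"))         # session is already gone
```

Clients that share one NAT or proxy address pass this check equally, and a client whose address changes mid-session is logged out.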


